From de98c544b73adc4f1e4410d2a6f6741d9b9d54cb Mon Sep 17 00:00:00 2001
From: "adhavan.m"
Date: Fri, 26 Oct 2018 19:51:13 +0530
Subject: [PATCH] Svace issues fixes
Change-Id: Ia945059c0d439f634a4254e6393b1f8e32f5067c
Signed-off-by: adhavan.m
---
 src/plugin.c | 11 ++++++++++-
 src/sdb.c | 5 +++--
 src/sdb.h | 2 +-
 src/services.c | 14 ++++++++++++--
 src/socket_local_client.c | 4 ++--
 src/transport.c | 6 +-----
 src/transport_local.c | 10 ++--------
 7 files changed, 31 insertions(+), 21 deletions(-)
diff --git a/src/plugin.c b/src/plugin.c
index 3deabcb..9c5058c 100644
--- a/src/plugin.c
+++ b/src/plugin.c
@@ -124,6 +124,7 @@ static int load_plugin_not_default() void readxml() { char * buffer = NULL; long length; + size_t result; FILE * fptr = fopen(PLUGIN_XML_PATH, "rb"); if (fptr == NULL) {
@@ -133,10 +134,18 @@ void readxml() { fseek(fptr, 0, SEEK_END); length = ftell(fptr); + if (length <= 0) { + E("commands.xml is empty\n"); + return; + } fseek(fptr, 0, SEEK_SET); buffer = malloc(length); if (buffer) { - fread(buffer, 1, length, fptr); + result = fread(buffer, 1, length, fptr); + if (result != length) { + E("xml file read error\n"); + return; + } } fclose(fptr); if (buffer) {
diff --git a/src/sdb.c b/src/sdb.c
index 8b79e84..ba6e1ac 100644
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -103,6 +103,7 @@ struct group_info g_default_groups[] = { }; #define SDB_DEFAULT_GROUPS_CNT ((sizeof(g_default_groups)/sizeof(g_default_groups[0]))-1) +#define BUF_SIZE 4096 int is_init_sdk_userinfo = 0; int is_pwlocked = 0; // 0 if unlocked, 1 otherwise
@@ -629,9 +630,9 @@ static void send_connect(atransport *t) } if (extcmd != NULL) { - char extbuf[4096]; + char extbuf[BUF_SIZE] = {0,}; snprintf(extbuf, sizeof extbuf, "::%s", extcmd); - strcat((char*) cp->data, extbuf); + strncat((char*) cp->data, extbuf, sizeof(cp->data) - strlen(cp->data)- 1); } cp->msg.data_length = strlen((char*) cp->data) + 1; D("CNXN data: %s\n", (char*)cp->data);
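Review bot: Both early returns added to readxml() in the `@@ -133,10 +134,18 @@` hunk of src/plugin.c leave the function without releasing what it holds: the `length <= 0` path never reaches the `fclose(fptr)` further down, and the short-read path skips it too and also abandons `buffer`. Release before returning, i.e. `fclose(fptr); return;` in the first branch and `free(buffer); fclose(fptr); return;` in the second. `result != length` compares a `size_t` with a `long`; that is only safe because the earlier check guarantees `length > 0`, so writing `(size_t)length` would make the intent explicit. How the buffer is consumed after `fclose` is outside the hunk.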
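Review bot: In send_connect() (the `@@ -629,9 +630,9 @@` hunk of src/sdb.c) the new `strncat` bound is correct only if `cp->data` is an array member; its declaration is not in the hunk, and if it were a pointer `sizeof(cp->data)` would be the pointer size and the bound would be wrong. The same call passes `cp->data` to `strlen` without the `(char*)` cast used on the neighbouring lines, which likely draws a pointer-signedness warning. When the banner does not fit, the extension string is now cut silently and `data_length` is computed from the shortened text, so neither side learns that the `::` field was truncated; logging that case would help diagnosis. A comment such as `/* sizeof needs cp->data to be an array; extcmd is truncated if the banner is full */` above the call would record both assumptions.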
diff --git a/src/sdb.h b/src/sdb.h
index b2d01ac..129b5fc 100644
--- a/src/sdb.h
+++ b/src/sdb.h
@@ -352,7 +352,7 @@ void run_transport_disconnects( atransport* t ); void kick_transport( atransport* t ); /* initialize a transport object's func pointers and state */ -int init_socket_transport(atransport *t, int s, int port, int local); +void init_socket_transport(atransport *t, int s, int port, int local); void init_usb_transport(atransport *t, usb_handle *usb, int state); /* for MacOS X cleanup */
diff --git a/src/services.c b/src/services.c
index b6863b0..03e2751 100644
--- a/src/services.c
+++ b/src/services.c
@@ -1412,9 +1412,19 @@ int request_extcmd_to_plugin(const char* in_buf) { int cmd = atoi(cmd_no); char* exec_type = tokens[args_cnt - 1]; - strcat(full_cmd, cmd_name); + if (strlen(cmd_name) >= ENV_BUF_MAX) { + strncat(full_cmd, cmd_name, ENV_BUF_MAX - 1); + full_cmd[ENV_BUF_MAX - 1] = '\0'; + } + else { + strcat(full_cmd, cmd_name); + } + int i = 1; for(;i < args_cnt - 2;i++) { + if (strlen(full_cmd) + strlen(tokens[i]) + 1 >= ENV_BUF_MAX) { + break; + } strcat(full_cmd, " "); strcat(full_cmd, tokens[i]); }
@@ -1433,7 +1443,7 @@ int request_extcmd_to_plugin(const char* in_buf) { return -1; } - if (full_cmd != NULL) { + if (strlen(full_cmd) > 0) { in->number_of_parameter = 1; in->array_of_parameter = (parameter*) malloc(sizeof(parameter)); if (in->array_of_parameter == NULL) {
diff --git a/src/socket_local_client.c b/src/socket_local_client.c
index 586a71a..ab9c127 100644
--- a/src/socket_local_client.c
+++ b/src/socket_local_client.c
@@ -76,7 +76,7 @@ int socket_make_sockaddr_un(const char *name, int namespaceId, } s_strncpy(p_addr->sun_path, FILESYSTEM_SOCKET_PREFIX, strlen(FILESYSTEM_SOCKET_PREFIX)); - strncat(p_addr->sun_path, name, strlen(name)); + strncat(p_addr->sun_path, name, sizeof(p_addr->sun_path) - strlen(p_addr->sun_path) - 1); #endif /*HAVE_LINUX_LOCAL_SOCKET_NAMESPACE*/ break;
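Review bot: The length checks added to request_extcmd_to_plugin() in the `@@ -1412,9 +1412,19 @@` hunk of src/services.c truncate instead of rejecting: an over-long `cmd_name` is cut to `ENV_BUF_MAX - 1` bytes and the loop's `break` drops the remaining tokens, so the plugin is handed a command line that differs from the one requested. If `full_cmd` is later passed on for execution (inferred from the function name; that code is outside the hunk), failing the request is the safer behaviour, for example by replacing `break;` with an error return after releasing whatever the function has allocated by then. Both checks also assume that `full_cmd` is empty on entry and holds at least `ENV_BUF_MAX` bytes. Its declaration is not visible here, so a comment next to the first `if` such as `/* full_cmd is ENV_BUF_MAX bytes and empty at this point */` should be added once that is confirmed.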
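Review bot: The new `strncat` limit in socket_make_sockaddr_un() (the `@@ -76,7 +76,7 @@` hunk of src/socket_local_client.c, and the identical change in the `@@ -89,7 +89,7 @@` hunk) calls `strlen(p_addr->sun_path)` right after `s_strncpy` was given a length of exactly `strlen(FILESYSTEM_SOCKET_PREFIX)`, so it depends on that helper leaving the prefix NUL-terminated. The helper is not shown, and if it behaves like `strncpy` the terminator exists only if the structure was zeroed earlier. When the name does not fit, the path is now shortened silently and the function continues, which would yield an address for a different socket than the caller asked for. The closing brace just above the changed line may belong to a length check that already rules this out. If so, a comment like `/* length validated above; this bound is defence in depth */` would make that clear, and otherwise the function should fail when `name` exceeds the remaining space.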
@@ -89,7 +89,7 @@ int socket_make_sockaddr_un(const char *name, int namespaceId, } s_strncpy(p_addr->sun_path, ANDROID_RESERVED_SOCKET_PREFIX, strlen(ANDROID_RESERVED_SOCKET_PREFIX)); - strncat(p_addr->sun_path, name, strlen(name)); + strncat(p_addr->sun_path, name, sizeof(p_addr->sun_path) - strlen(p_addr->sun_path) - 1); break; case ANDROID_SOCKET_NAMESPACE_FILESYSTEM:
diff --git a/src/transport.c b/src/transport.c
index a5df573..4137842 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -744,11 +744,7 @@ void register_socket_transport(int s, const char *serial, int port, int local, c serial = buff; } D("transport: %s init'ing for socket %d, on port %d (%s)\n", serial, s, port, device_name); - if ( init_socket_transport(t, s, port, local) < 0 ) { - sdb_close(s); - free(t); - return; - } + init_socket_transport(t, s, port, local); /* Allow ONLY a single connection with sdb server. */ sdb_mutex_lock(&transport_lock);
diff --git a/src/transport_local.c b/src/transport_local.c
index 16cd7de..eab7712 100644
--- a/src/transport_local.c
+++ b/src/transport_local.c
@@ -379,8 +379,7 @@ int connect_nonb(int sockfd, const struct sockaddr *saptr, socklen_t salen, tval.tv_usec = 0; if ((n = select(sockfd + 1, &rset, &wset, NULL, nsec ? &tval : NULL)) == 0) { - sdb_close(sockfd); /* timeout */ - errno = ETIMEDOUT; + errno = ETIMEDOUT; /* timeout */ return (-1); } if (FD_ISSET(sockfd, &rset) || FD_ISSET(sockfd, &wset)) {
@@ -397,7 +396,6 @@ int connect_nonb(int sockfd, const struct sockaddr *saptr, socklen_t salen, } if (error) { - sdb_close(sockfd); /* just in case */ errno = error; return (-1); }
@@ -569,10 +567,8 @@ static void remote_close(atransport *t) sdb_close(t->fd); } -int init_socket_transport(atransport *t, int s, int sdb_port, int local) +void init_socket_transport(atransport *t, int s, int sdb_port, int local) { - int fail = 0; - t->kick = remote_kick; t->close = remote_close; t->read_from_remote = remote_read;
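Review bot: Every caller of connect_nonb() now has to close `sockfd` itself when -1 is returned, because the timeout path in the `@@ -379,8 +379,7 @@` hunk of src/transport_local.c and the `if (error)` path in the `@@ -397,7 +396,6 @@` hunk no longer do it, and no caller is part of this diff. Any caller that relied on the old behaviour would now leak one descriptor per failed connect, which a peer that never answers can trigger repeatedly. The contract should be recorded above the function, e.g. `/* On failure returns -1 with errno set and leaves sockfd open; the caller must close it. */`, and each call site checked against it. The function's signature and the start of its body are outside both hunks.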
@@ -582,6 +578,4 @@ int init_socket_transport(atransport *t, int s, int sdb_port, int local) t->connection_state = CS_OFFLINE; t->type = kTransportLocal; t->sdb_port = 0; - - return fail; } -- 2.34.1